by Anonymous Coward writes:
on Thursday June 28, 2018 @08:51PM (#56862814)
Someone tries to post a helpful PSA type message and predictably the comments section is immediately flooded with people who have nothing of any value to say, but can't help but be assholes and make some kind of stupid "Windoze $ux!" type comment. We're all happy that Linux, macOS, or whatever the fuck else you might be using works for you, now kindly take your insecurities back to Linux or Mac forums where you can blissfully live out the rest of your days in a happy echo chamber where no one will ever challenge your views. We don't need the same 50 people making the same 50 useless comments every time there's a post about Windows. We all heard you the last 50 times and didn't care, so the odds of us suddenly caring now are zero.
For every five hundred thousand or so obstinate Windows users who think they are punishing us, there is one that it might sink through to. We'll continue to try to save the ones that deserve it, thank you. You can strive to become worthy or you can continue to get bent.
Here's the problem. "Unfortunately, while some security programs are able to remove parts of the infection, the rootkit component needs manual removal help."
I have never in my life ever heard of any type of malware or code that can be written that can:
"Be removed with human assistance" that cannot be removed by a program.
If someone were even a mildly competent "security researcher", they would write a script or a program that would do the removal that is needed as well as provide detailed ins
I have never in my life ever heard of any type of malware or code that can be written that can:
"Be removed with human assistance" that cannot be removed by a program.
Those have been around for over a decade.
They work by replacing some core part of the OS, like the SATA driver or the filesystem driver. That makes it impossible for anti-virus software to clean the infected files, because the rootkit can block writes to those files and hand the AV software clean copies when it scans them. They operate at such a deep level, running inside the kernel, that the best AV software can do is detect their secondary effects and try to suppress them.
The only way around this is to manually boot from a recovery CD and replace the infected files. Some AV companies provide bootable CDs that can run their software. The best ones use Linux because the Linux NTFS driver just ignores permissions and lets them access those system files and delete them. Then you can use a Windows install disk or the Windows 10 recovery system to replace them and get the system running.
It's a manual process, the rebooting from CD/USB drive and then running the Windows recovery can't be automated.
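The detection that follows from the post above is a cross-view comparison: hash the system files as the running OS presents them, hash the same volume from a recovery boot, and diff the two. A rootkit that hides its driver or hands out clean copies can only influence the live view. This is an added example, not code from the original post; the two directory trees, the driver file names and their contents are constructed in a temp dir to stand in for the two views.

```python
import hashlib
import os
import tempfile

# Relative paths used by the constructed demo trees (not from a real system).
SATA_DRIVER = os.path.join("Windows", "System32", "drivers", "sata_drv.sys")
HIDDEN_DRIVER = os.path.join("Windows", "System32", "drivers", "rk_hidden.sys")

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def hash_tree(root):
    """Map every file under root (path relative to root) to its SHA-256."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root)] = sha256_file(full)
    return out

def cross_view_diff(live, offline):
    """Diff the live view (running OS) against the offline view (recovery boot).
    Entries the rootkit hides appear as 'hidden'; files it serves clean copies
    of appear as 'modified'; 'phantom' catches entries only the live view shows."""
    return {
        "hidden": sorted(set(offline) - set(live)),
        "phantom": sorted(set(live) - set(offline)),
        "modified": sorted(p for p in live if p in offline and live[p] != offline[p]),
    }

def demo():
    """Build the two constructed views in a temp dir and diff them."""
    base = tempfile.mkdtemp()
    views = {v: os.path.join(base, v) for v in ("live", "offline")}
    for root in views.values():
        os.makedirs(os.path.dirname(os.path.join(root, SATA_DRIVER)))
    # Live view sees a clean driver; offline view sees the real, patched bytes.
    with open(os.path.join(views["live"], SATA_DRIVER), "wb") as f:
        f.write(b"MZ...clean driver image (constructed)")
    with open(os.path.join(views["offline"], SATA_DRIVER), "wb") as f:
        f.write(b"MZ...driver image with injected hook (constructed)")
    # The rootkit's own driver file is hidden from the live view entirely.
    with open(os.path.join(views["offline"], HIDDEN_DRIVER), "wb") as f:
        f.write(b"MZ...rootkit driver (constructed)")
    return cross_view_diff(hash_tree(views["live"]), hash_tree(views["offline"]))
```

On a real machine the live tree is hashed from inside Windows and the offline tree from the volume mounted under a recovery boot; any entry in "hidden" or "modified" is what the AV engine running inside the infected kernel could not see.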
Push a patch as a UEFI module and reboot? SecureBoot will validate its signature and it can be staged to run before the drive firmware.
I suppose there are still machines running BIOS, but I don't think I have owned any in several years.
I certainly would hope that the "security companies" have the ability to do this.
I ran across a particularly devious malware tactic recently. The malware was purposely setting the NTFS "dirty" flag repeatedly, so the filesystem was flagged as needing repair. That, in turn, prevented most of the bootable virus cleanup/recovery discs from cleaning the system. They'd boot up but report they could only mount the target filesystem as "read only" because it was damaged and needed to be repaired first!
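A check a practitioner would want after the post above: read the dirty bit directly from the $VOLUME_INFORMATION attribute of the $Volume metadata file, rather than trusting the recovery disc's "needs repair" message. This is an added example, not code from the original post; the attribute record bytes are constructed, and the header and flag layout follow the Linux ntfs driver's definition of the attribute.

```python
import struct

# $VOLUME_INFORMATION flag bits, as defined in the Linux ntfs driver's layout.h.
VOLUME_FLAGS = {
    0x0001: "DIRTY",
    0x0002: "RESIZE_LOG_FILE",
    0x0004: "UPGRADE_ON_MOUNT",
    0x0008: "MOUNTED_ON_NT4",
    0x0010: "DELETE_USN_UNDERWAY",
    0x0020: "REPAIR_OBJECT_ID",
    0x4000: "CHKDSK_UNDERWAY",
    0x8000: "MODIFIED_BY_CHKDSK",
}
ATTR_VOLUME_INFORMATION = 0x70

def parse_volume_information(attr):
    """Parse a resident $VOLUME_INFORMATION attribute record (24-byte header
    plus 12-byte content) and decode its version and flag bits."""
    if len(attr) < 24:
        raise ValueError("attribute header truncated")
    atype, _alen, nonres, _nlen, _noff, _aflags, _aid = struct.unpack_from("<IIBBHHH", attr, 0)
    if atype != ATTR_VOLUME_INFORMATION:
        raise ValueError("not a $VOLUME_INFORMATION attribute: 0x%x" % atype)
    if nonres:
        raise ValueError("$VOLUME_INFORMATION must be resident")
    clen, coff = struct.unpack_from("<IH", attr, 16)
    if clen < 12 or coff + clen > len(attr):
        raise ValueError("resident content out of bounds")
    _reserved, major, minor, flags = struct.unpack_from("<QBBH", attr, coff)
    names = [n for bit, n in sorted(VOLUME_FLAGS.items()) if flags & bit]
    return {"version": (major, minor), "flags": flags, "names": names,
            "unknown": flags & ~sum(VOLUME_FLAGS), "dirty": bool(flags & 0x0001)}

def build_attr(flags, major=3, minor=1):
    """Constructed sample record (not read from a real disk): unnamed resident
    attribute header with content at offset 0x18, followed by the content."""
    content = struct.pack("<QBBH", 0, major, minor, flags)
    header = struct.pack("<IIBBHHHIHBB", ATTR_VOLUME_INFORMATION, 40, 0, 0, 0x18,
                         0, 0, len(content), 0x18, 0, 0)
    return header + content
```

The record itself is read from the $Volume entry of the MFT on the offline volume; if only the DIRTY bit is set and no other inconsistency is found, a Linux recovery environment can clear it with ntfsfix --clear-dirty, while under Windows fsutil dirty query reports it and chkdsk clears it after a full check.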
I guess you've never heard of BIOS or boot sector virus/trojan. This is well documented over the last 3 decades. There are trojans that can infect drivers or system services, which in many cases can't be automatically removed. In those cases, the best bet is to wipe the system and do a fresh install. Back in the 90s there was a particularly bad boot sector virus that bricked thousands of systems. That was before BIOS had any virus protection. These days most MB have BIOS virus protection, so bricking a MB
Dude, I'm a Microsoft fanboi... also a Linux fanboi... WSL is like Christmas every day for me. I have Macs also... I don't really know why... but they are pretty. I buy them and swear I'll use them someday. I am an iPhone user though. I have and love my iPhone 6S Plus and can't wait to get a new battery for it in Paris in a few weeks.
People like debating about which OS is best. The answer is pretty simple... they're all pretty great these days... though if I ever see Gnome again, I'll vomit on whoever's keyb
Someone tries to post a helpful PSA type message and predictably the comments section is immediately flooded with people who have nothing of any value to say, but can't help but be assholes and make some kind of stupid "Windoze $ux!" type comment. We're all happy that Linux, macOS, or whatever the fuck else you might be using works for you, now kindly take your insecurities back to Linux or Mac forums where you can blissfully live out the rest of your days in a happy echo chamber where no one will ever challenge your views. We don't need the same 50 people making the same 50 useless comments every time there's a post about Windows. We all heard you the last 50 times and didn't care, so the odds of us suddenly caring now are zero.
U mad bro?
Veni, Vidi, VISA:
I came, I saw, I did a little shopping.
Re: (Score:2)
Does AV software having the ability to push UEFI modules sound like a good idea?
Re: (Score:2)
Thanks, I hadn't seen that one but will look out for it.